Last episode we explored the top of top, or the summary area. This episode will explore the rest of top, the bottom so to speak, or more accurately the Task Area. The task area takes up the lion share of the top interface and displays information about the processes currently running. This area is very customizable but we are going to start with the defaults:

The top of the Task Area, the grey bar above, contains the column headers. The following are the defaults shown in the screen shot example above:

PID = Process ID, this is the unique ID associated with the process information detailed on that column.

USER = The user or account the process is running under, this is the process owner

PR = Priority, or more appropriately the schedule priority the task is running at. The value is dynamically generated using the nice value (explained next). The range is pretty dynamic but the equation to calculate this range is thus:

NI+20-x and NI+20+x

Where x a “bonus” or “discount” point. These points are adjusted over time depending on how the process utilizes CPU time. For example; with processes that sleeps a lot will have the points will be adjusted so the Priority value decrements. Processes that use a lot of CPU time have their points adjusted so the value increments. When the scheduler checks to see what process to run, the process with the lowest Priority value will typically run first.

NI = Nice value of the task. Values range from -20 to 19 where -20 has the highest priority and 19 the lowest. The default value most processes start with is 0.

VIRT – Virtual Memory Size. This is the total amount of virtual memory used by the process. This is not real memory used but includes data swapped out to the disk or cached, shared libraries, etc. Do not confuse this value with RES discussed next.

SHR – Shared Memory Size. Shared memory size is the amount of memory available to a task that is shared with other processes. An example of this would be multiple instances of a bash shell. Instead of each bash process loading and running it’s own libraries, those libraries are shared between each instance thus reducing the overall load on the system. The amount of shared memory would be reported in this value between the instances of bash. The value will probably not be equal for each bash process running.

S – S stands for process status and is one of 5 values:

D = uninterruptible sleep

R = running (or more properly ready to run)

S = sleeping

T = traced or stopped

Z = zombie

The difference between “S” and “D” is that S can be interrupted by a signal but D cannot. Typically D is waiting for a resource to become available (i.e.; disk). Any signals sent to a process in Uninterruptable Sleep will be accumulated and handled when the process returns from sleeping.

%CPU = The task’s share of CPU time since the last refresh. If running in an SMP environment the default IRIX mode on and is value percentage of the combined CPU’s. That is, if there are two CPU’s and the value of %CPU is 20, then that is 20% of 200%. When Irix mode is off, this is Solaris mode, the value is a percentage divided among the total number of CPU’s. That is, with 4 processors, the total CPU percentage is 100% so a value of 20% would be divided among the 4 CPU’s. For example: A value of 20% in Irix mode may equal a value of 5% in Solaris mode in a quad core system, but again, these values are not that directly calculated.

%MEM = The amount of physical system memory used by the process displayed as a percentage.

TIME+ = TIME+ displays the total CPU time the task has utilized since it started in hundredths of a second. When cumulative mode is turned on this value includes the time used by the processes dead children (if any). The default cumulative value is off, and thus does not include the process’s dead children. Cumulative mode can be toggled on and off with the ‘S’ key.

COMMAND = Command is the command name of the process. This is the default mode for this column. Command name can be changed to command line by pressing the “c” key. Command line will show the command along with any flags/options used to start the process. Processes not started with a command line (i.e.; kernel threads) will be contained in brackets: “[” and “]”.

Those are the default columns displayed by top. The following are the remaining columns that can be turned on:

CGROUP = This column lists the control group(s) the process belongs to. If the process does not belong to a control group a “-” is displayed. A control group is a feature of the Linux kernel “to limit, account, and isolate resource usage of process groups.” A control group is a “collection of processes that are bound by the same criteria.” There are tools to create control groups like cgcreate, cgexec, and cgclassify. Control groups are especially useful in virtualized environments to help ensure one group or program does not exceed the resources allocated and impair system functionality for other users and processes. CGroups allow you to define the resources a specific group can use and even limit access to specific resources if need be. They are organized hierarchically where child cgroups inherit attributes from the parent.

CODE = CODE displays the code size, or amount of physical memory devoted to executable code, in Kilobytes. This entry is also known as text resident set. This value shows how much physical memory is actually being used. It excludes what is swapped out.

DATA = The DATA entry details the amount of physical memory used by the process that is devoted to everything but the code.

FLAGS = This is a hexadecimal representations of the task’s current scheduling flags, zeros are suppressed.

GID = The group id the process is running under.

GROUP = The name of the group the process is running under.

nDRT = nDRT is the count of dirty pages, that is pages that have been written to auxiliary storage. When the operating system needs to bring a page into memory and there is no physical page free, the OS will attempt to disgard pages that are not in use. A dirty page is a page, data, in memory that has been altered but not saved to disk. The page cannot be deleted yet, as it may need to be called again, and must be saved a swap file.

nMaj = The number of major page faults that have occurred for a task. This occurs when a process attempts to read or write to a virtual page that is currently not in it’s address space. When auxiliary storage access is involved in making that page available it is flagged as a major fault.

nMin = The number of minor page faults that have occurred for the task. Like a major fault, a minor fault occurs when a task attempts to read or write to a virtual page that is not in it’s current address space. The difference is that auxiliary storage is not involved.

nTH = This column shows the number of threads associated with the process.

P = P stands for the last used processor in an SMP system.

PGRP = Process Group ID. Processes are grouped into unique groups for “the distribution of signals and by terminals to arbitrate requests for their input and output.” Child processes are members of their parent’s groups. When a new process is started the process group id is set to the process ID and becomes the group leader. Expect to see many PRGP ids set to 0 which is the init PGRP.

PPID = This column represents the parent process id of the process. More often than not you will see a lot of process having the init parent process id

RUID = Real user id, the real user id the process is running under, the user who started the process. This is different than effective user id in that the effective user id can be different from the RUID if the id the process is running under is altered by using a command like suid.

RUSER = Real user name is the name of the user who started the process. Like RUID, this value is not altered by commands such as SUID.

SID = Similar to process group id, the session id is the id of the session group the process is a member of. The session id is a collection of process groups that is usually started by the login shell.

SUID = SUID stands for Saved User ID. When a program running as a privileged user needs to execute commands as an unprivileged user it copies the privileged user id to the SUID. This is reported by top.

SUPGIDS = This column contains the ID’s of any supplementary groups the process is running under.

SUPGRPS = This is the group name representation of the SUPGIDS column.

SUSER = This is the Saved User name. Like SUPGRPS, this is the name of the user name of the SUID.

SWAP = This is defined as the non-resident portion of the task’s address space. That is the amount of address space the task is using that is not resident in memory.

TGID = Thread group id. This column is more useful with a multi-threaded process. A single threaded process will only report the process id.

TIME = Time is the total CPU time the process as used since it started. The values is in seconds. When cumulative mode is on this value represents the total cpu time the process and all its dead children have consumed.

TPGID = TOGID is the process group id of the foreground process that for the connected tty that started the process. If the process is not connected to a terminal the value -1 is given.

TTY = TTY is the name of the terminal controlling the process. More often than not this is the device

UID = The effecitive USER ID of the process

USER = The user name the process is running under

WCHAN = This column shows the name or address of the kernel function in which the task is currently sleeping. If the process is not sleeping then a “-” will be listed.

Task area fields can be managed by pressing the “f” key. This will switch to a new window showing a complete list of fields along with instructions at the top:

Fields that are bolded with an asterisk to the left are the fields currently displayed. The arrow keys are used to navigate this list. The up and down arrow keys move the selection from item to item in the list. Pressing the space bar or “d” will toggle the selection display “on” or “off.” To rearrange the order of the display items navigate to the item you want to move, press the right arrow key and move the field to the new location using the up and down arrow keys and press the left arrow key or the “enter” key to commit to the new location. To exit this list press the escape key or “q” and you will return to the main top display.